Mesh Firmware Security Vulnerabilities and Issues — Mesh Firmware CVE List

Lucene search

GotennaMesh Firmware

9 matches found

CVE•added 2025/05/01 6:15 p.m.•41 views

CVE-2025-32886

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.

5.5CVSS6.8AI score0.00018EPSS

CVE•added 2025/05/01 6:15 p.m.•40 views

CVE-2025-32890

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

6.5CVSS7.1AI score0.0001EPSS

CVE•added 2025/05/01 6:15 p.m.•38 views

CVE-2025-32884

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.

6.5CVSS4.6AI score0.00015EPSS

CVE•added 2025/05/01 6:15 p.m.•38 views

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app.

8.8CVSS7.4AI score0.00028EPSS

CVE•added 2025/05/01 6:15 p.m.•37 views

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.

6.5CVSS6.7AI score0.00015EPSS

CVE•added 2025/05/01 6:15 p.m.•37 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

6.5CVSS7.1AI score0.00008EPSS

CVE•added 2025/05/01 6:15 p.m.•36 views

CVE-2025-32887

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.

7.1CVSS7.2AI score0.00017EPSS

CVE•added 2025/05/01 6:15 p.m.•35 views

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted envi...

6.5CVSS6.9AI score0.0005EPSS

CVE•added 2025/05/01 6:15 p.m.•35 views

CVE-2025-32888

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.

8.8CVSS7.3AI score0.00028EPSS